elic-dev/laravel-site-protection

Add rate limiting

Closed this issue · 3 comments

Hi,

To avoid a brute-force attack, where should one set the rate-limiting middleware?

L1lle commented

I have not used the rate limit middleware. But as far as I read the documentation, just make sure to load the RateLimiter Middleware before this SitePasswortProtection middleware.

However, this package will not support any direct implementation of a rate limit function. The goal is to keep it "simple" and just add a "simple" password field.

If your application is likely to be hit by a brute-force attack and the information behind the password protection is very sensitive (e.g., more than just a developer version of the website), you should consider a different and more sophisticated protection.

Thanks, will try the right order of the middlewares; I guess that helps. Nice package for quick & smaller projects 👍

Adding it to $middlewareGroups like

            'throttle:global',
            \ElicDev\SiteProtection\Http\Middleware\SiteProtection::class,

rather than to $middleware worked.
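
The ordering from the last comment, written out as an added example that is not part of the thread or of the package's own code. It assumes a Laravel 8 to 10 style application layout; the limiter body, the limit of 30 requests per minute and the per-IP key are assumptions, and only the `throttle:global` entry and the `SiteProtection` class name come from the thread.

```php
<?php
// Added example: two fragments shown in one listing for readability.

// --- app/Providers/RouteServiceProvider.php ---
namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;

class RouteServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Named limiter that the 'throttle:global' entry refers to.
        // Assumed values: 30 requests per minute, counted per client IP.
        // Every request in the group counts, not only password attempts,
        // so the limit has to leave room for normal browsing.
        RateLimiter::for('global', function (Request $request) {
            // Behind a reverse proxy, ip() is only the real client address
            // when the TrustProxies middleware is configured; otherwise
            // all visitors share one counter.
            return Limit::perMinute(30)->by($request->ip());
        });
    }
}

// --- app/Http/Kernel.php ---
namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    protected $middlewareGroups = [
        'web' => [
            // ... the application's existing web middleware ...

            // Throttle first, so requests over the limit get a 429
            // before the password check runs.
            'throttle:global',
            \ElicDev\SiteProtection\Http\Middleware\SiteProtection::class,
        ],
    ];
}
```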